package com.iweb.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

/**
 * spring security configuration
 */
@Configuration
// @EnableGlobalMethodSecurity(prePostEnabled = true)// 开启全局注解方式配置权限
public class SecurityConfig extends WebSecurityConfigurerAdapter {


    /**
     * 配置密码的验证方式
     *
     * @return
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    // 授权规则
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                // 配置不需要验证的请求: 权限的校验是从上至下
                .antMatchers("/static/**", "/").permitAll()
                // 基于角色的授权 hasRole、基于权限的授权 hasAuthority
                .antMatchers("/user/database").hasAuthority("database_all")
                .antMatchers("/user/user").hasAuthority("user_all")
                .antMatchers("/user/table").hasAuthority("table_all")
                .antMatchers("/user/hello").hasAuthority("session")
                .anyRequest().permitAll()
                .and()
                .formLogin()
                .permitAll();
    }
}
